Information Security Engineer Lead (Red Team)

Job Overview

Netskope Global Information Security organization is looking for a security engineer to be part of redteam and offensive security operations. This position will be responsible for leading the team responsible for assessing the Netskope products and cloud services from a holistic security perspective. A successful candidate should have strong offensive technical skill sets and can identify and provide recommendations for security vulnerabilities pertaining to varying technologies and environments.

Roles & Responsibilities

• Act as a SME for offensive security technical areas
• Perform comprehensive security assessment of, but not limited to, web & mobile application, containers, k8s, thick client, cloud environments
• Perform triage and implement SAST, DAST and SCA process
• Communicate and collaborate with multiple stakeholders like engineering, SRE, QA for security initiatives
• Providing assistance in regulatory compliance like FedRAMP and PBMM
• Support junior team members in their authoring of reports and issues and help in day-to-day operations
• Support and recreate proofs of concept from security reports
• Support the PSIRT (Product Security Incident Response Team)
• Automate day-to-day red team tasks

Qualifications/Requirements

• 6+ years of penetration testing, application security, red team experience in highly diversified and high growth organizations.
• Understanding of application frameworks and how to approach security as well as security pitfalls with them
• Proven expertise & track record in web and mobile application penetration testing (Web, Mobile, API/Web Services) - DAST and SAST
• Experience in leading the team of 3-5 members in security testing domain
• Should have experience with tools Burp suite professional, Metasploit, Tenable, SQL Map and Nmap
• Experience in regulatory compliance like FedRAMP and PBMM
• Have experience in developing exploits and tooling from vulnerabilities both pre and post exploitation and lateral movement
• In-depth knowledge of OWASP Web and Mobile Top 10 vulnerabilities, identifying, exploiting and remediation of them
• Good knowledge of TCP/IP and other application and network level protocols
• Be able to author and issue reports on assigned application and system scan
• Good exposure to cloud service providers like AWS, GCP and other SaaS applications
• Experience in automating security tasks using Python or any other scripting language
• Should be able to think "Out of the box". Possess ability to think and implement new attack approaches/vectors
• Should possess relevant university degree and/or professional qualifications/certification (e.g. CEH, OSCP, CISSP)
• Excellent written and verbal communication skills
• Self-motivated, curious, knowledgeable pertaining to news and current events

#LI-SC1